bluecue supports GASCADE on its journey to an ISO 27001 certification through efficient data analysis in Splunk
The “GASCADE Gastransport GmbH” redesigned its entire IT-structure including its IT-security. As an operator of a critical infrastructure according to the Federal Office for Information Security, GASCADE is furthermore obligated to acquire the internationally recognized certification ISO 27001 for information security. To face the challenge, the company implemented the monitoring platform Splunk Enterprise and reached out to an IT-expert that is already ISO certified: the bluecue consulting GmbH & Co. KG.
“In order to get the ISO-certification, a company implements its own compliance and IT-security guidelines”, explains René Golembewski, IT-security representative of GASCADE. “The auditor reviews them and checks whether the company complies with its guidelines and how, when and where they are documented.”
To meet the requirements it is essential to have a good overview of all processes within one’s own IT-structure. “I wanted to know: How does my infrastructure function and what happens in my network?” remembers Golembewski. He started by installing the free trial version of Splunk – a BigData solution that enables companies to gather, monitor and evaluate large amounts of data. “After one week I could evaluate all aspects I was interested in with Splunk and could even depict them graphically. I got a great overview – quick and easy. Splunk is very intuitive.”
Expertise by bluecue
However, it is not enough to analyse company threats. How much spam do I get? Who scans the company? Who attacks the company? Are there visible trends? “A big part of the certification is authorisation”, explains Denis Roehr, IT-expert from bluecue. “Which employee is allowed to access what at which time? Which VPN-connection is used to access the network and what kind of modifications are done?”
In order to analyse such information in Splunk, GASCADE’s entire Active Directory had to be integrated into the monitoring solution. “We needed help from an expert to do that”, says Golembewski. “Even though Splunk is easy to operate, the so-called Data-Onboarding can get complicated. That’s why bluecue was recommended to us as a very good German Splunk partner.”
No sooner said than done. The bluecue experts connected the Active Directory, built the first dashboards and made sure that Golembewski and his team could see all information regarding User-, Access- and Identity-Management in no time, while simultaneously checking them according to their own compliance- and IT-security guidelines.
“Because bluecue is already certified according to ISO 27001:2013, they knew exactly which information within the Active Directory we needed and could unerringly obtain them”, states Golembewski, adding he is satisfied with the easy and straightforward collaboration.
His next step is to integrate and analyse the security tool Kaspersky in Splunk. bluecue will once again offer the necessary guidance as their role is “a full-range support regarding Splunk – architectural as well as operational”, says Golembewski.
High security standards in risky environments
It is not surprising that the Federal Network Agency requests the ISO certification. GASCADE is one of Germany’s biggest operators of a natural gas infrastructure and supplies consumers in all of Central Europe. Gas bookings happen online, hourly, 24/7. “Unlike a nuclear power plant that simply produces electricity, we can’t build a fence around ourselves,” explains Golembewski. “Our entire commercialization happens via the internet and a European capacity platform respectively. That means we have to be online – always. And our webservers are accessible worldwide.” Consequently, the company is constantly exposed to potential threats from outside its own network.
“Thanks to Splunk we can see very precisely what is happening within our network, who attacks us and who implements changes. That fact created massive approval on our decision-making level”, Golembewski sums up. “That’s why we will expand Splunk.” Also, GASCADE has to meet certain publishing obligations, which is much easier now that Splunk is implemented.
One solution, many advantages
Monitoring and operating its own infrastructure is relatively new for GASCADE. Their entire IT was operated by its parent company BASF until recently. However, due to regulatory requirements it had to be decentralized. “Since we are operating the entire IT ourselves now, we also have to make sure our IT-security is top-notch”, says Golembewski. “Splunk is an ideal solution to automatize many processes and document them simultaneously. Now I can create reports and show that we comply with our policies at the touch of a button. On top of that, I can analyze our performance as well as retrace the management of our external VPN-accounts – from the past and in real-time.” This overview is especially important if you are working in an infrastructure as complex and critical to security as GASCADE’s is.
The fact that Splunk was easy to implement was as satisfactory for Golembewski as having the experienced Splunk experts from bluecue by his side. Why? “Somehow Splunk was always sort of a side project. bluecue brought order into our rather chaotic project management and implemented exactly the components we needed.”
- Posted by bluecue consulting
- On 2016/06/07